jruby-openssl 0.7.4 → 0.7.6.1

data/test/1.9/test_cipher.rb

@@ -0,0 +1,107 @@
+require_relative 'utils'
+
+if defined?(OpenSSL)
+
+class OpenSSL::TestCipher < Test::Unit::TestCase
+  def setup
+    @c1 = OpenSSL::Cipher::Cipher.new("DES-EDE3-CBC")
+    @c2 = OpenSSL::Cipher::DES.new(:EDE3, "CBC")
+    @key = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
+    @iv = "\0\0\0\0\0\0\0\0"
+    @hexkey = "0000000000000000000000000000000000000000000000"
+    @hexiv = "0000000000000000"
+    @data = "DATA"
+  end
+
+  def teardown
+    @c1 = @c2 = nil
+  end
+
+  def test_crypt
+    @c1.encrypt.pkcs5_keyivgen(@key, @iv)
+    @c2.encrypt.pkcs5_keyivgen(@key, @iv)
+    s1 = @c1.update(@data) + @c1.final
+    s2 = @c2.update(@data) + @c2.final
+    assert_equal(s1, s2, "encrypt")
+
+    @c1.decrypt.pkcs5_keyivgen(@key, @iv)
+    @c2.decrypt.pkcs5_keyivgen(@key, @iv)
+    assert_equal(@data, @c1.update(s1)+@c1.final, "decrypt")
+    assert_equal(@data, @c2.update(s2)+@c2.final, "decrypt")
+  end
+
+  def test_info
+    assert_equal("DES-EDE3-CBC", @c1.name, "name")
+    assert_equal("DES-EDE3-CBC", @c2.name, "name")
+    assert_kind_of(Fixnum, @c1.key_len, "key_len")
+    assert_kind_of(Fixnum, @c1.iv_len, "iv_len")
+  end
+
+  def test_dup
+    assert_equal(@c1.name, @c1.dup.name, "dup")
+    assert_equal(@c1.name, @c1.clone.name, "clone")
+    @c1.encrypt
+    @c1.key = @key
+    @c1.iv = @iv
+    tmpc = @c1.dup
+    s1 = @c1.update(@data) + @c1.final
+    s2 = tmpc.update(@data) + tmpc.final
+    assert_equal(s1, s2, "encrypt dup")
+  end
+
+  def test_reset
+    @c1.encrypt
+    @c1.key = @key
+    @c1.iv = @iv
+    s1 = @c1.update(@data) + @c1.final
+    @c1.reset
+    s2 = @c1.update(@data) + @c1.final
+    assert_equal(s1, s2, "encrypt reset")
+  end
+
+  def test_empty_data
+    @c1.encrypt
+    assert_raise(ArgumentError){ @c1.update("") }
+  end
+
+  def test_initialize
+    assert_raise(RuntimeError) {@c1.__send__(:initialize, "DES-EDE3-CBC")}
+    assert_raise(RuntimeError) {OpenSSL::Cipher.allocate.final}
+  end
+
+  if OpenSSL::OPENSSL_VERSION_NUMBER > 0x00907000
+    def test_ciphers
+      OpenSSL::Cipher.ciphers.each{|name|
+        assert(OpenSSL::Cipher::Cipher.new(name).is_a?(OpenSSL::Cipher::Cipher))
+      }
+    end
+
+    # This test fails without unlimited US_export.policy
+    def test_AES
+      pt = File.read(__FILE__)
+      %w(ECB CBC CFB OFB).each{|mode|
+        c1 = OpenSSL::Cipher::AES256.new(mode)
+        c1.encrypt
+        c1.pkcs5_keyivgen("passwd")
+        ct = c1.update(pt) + c1.final
+
+        c2 = OpenSSL::Cipher::AES256.new(mode)
+        c2.decrypt
+        c2.pkcs5_keyivgen("passwd")
+        assert_equal(pt, c2.update(ct) + c2.final)
+      }
+    end
+
+    # In JRuby key must be provided first. (CipherError)
+    def NOT_test_AES_crush
+      500.times do
+        assert_nothing_raised("[Bug #2768]") do
+          # it caused OpenSSL SEGV by uninitialized key
+          OpenSSL::Cipher::AES128.new("ECB").update "." * 17
+        end
+      end
+    end
+  end
+end
+
+end

data/test/1.9/test_config.rb

@@ -0,0 +1,288 @@
+require_relative 'utils'
+
+class OpenSSL::TestConfig < Test::Unit::TestCase
+  def setup
+    file = Tempfile.open("openssl.cnf")
+    file << <<__EOD__
+HOME = .
+[ ca ]
+default_ca = CA_default
+[ CA_default ]
+dir = ./demoCA
+certs                =                  ./certs
+__EOD__
+    file.close
+    @it = OpenSSL::Config.new(file.path)
+  end
+
+  def test_constants
+    assert(defined?(OpenSSL::Config::DEFAULT_CONFIG_FILE))
+    assert_nothing_raised do
+      OpenSSL::Config.load(OpenSSL::Config::DEFAULT_CONFIG_FILE)
+    end
+  end
+
+  def test_s_parse
+    c = OpenSSL::Config.parse('')
+    assert_equal("[ default ]\n\n", c.to_s)
+    c = OpenSSL::Config.parse(@it.to_s)
+    assert_equal(['CA_default', 'ca', 'default'], c.sections.sort)
+  end
+
+  def test_s_parse_format
+    c = OpenSSL::Config.parse(<<__EOC__)
+ baz =qx\t                # "baz = qx"
+
+foo::bar = baz            # shortcut section::key format
+  default::bar = baz      # ditto
+a=\t \t                   # "a = ": trailing spaces are ignored
+ =b                       # " = b": empty key
+ =c                       # " = c": empty key (override the above line)
+    d=                    # "c = ": trailing comment is ignored
+
+sq = 'foo''b\\'ar'
+    dq ="foo""''\\""
+    dq2 = foo""bar
+esc=a\\r\\n\\b\\tb
+foo\\bar = foo\\b\\\\ar
+foo\\bar::foo\\bar = baz
+[default1  default2]\t\t  # space is allowed in section name
+          fo =b  ar       # space allowed in value
+[emptysection]
+ [doller ]
+foo=bar
+bar = $(foo)
+baz = 123$(default::bar)456${foo}798
+qux = ${baz}
+quxx = $qux.$qux
+__EOC__
+    assert_equal(['default', 'default1  default2', 'doller', 'emptysection', 'foo', 'foo\\bar'], c.sections.sort)
+    assert_equal(['', 'a', 'bar', 'baz', 'd', 'dq', 'dq2', 'esc', 'foo\\bar', 'sq'], c['default'].keys.sort)
+    assert_equal('c', c['default'][''])
+    assert_equal('', c['default']['a'])
+    assert_equal('qx', c['default']['baz'])
+    assert_equal('', c['default']['d'])
+    assert_equal('baz', c['default']['bar'])
+    assert_equal("foob'ar", c['default']['sq'])
+    assert_equal("foo''\"", c['default']['dq'])
+    assert_equal("foobar", c['default']['dq2'])
+    assert_equal("a\r\n\b\tb", c['default']['esc'])
+    assert_equal("foo\b\\ar", c['default']['foo\\bar'])
+    assert_equal('baz', c['foo']['bar'])
+    assert_equal('baz', c['foo\\bar']['foo\\bar'])
+    assert_equal('b  ar', c['default1  default2']['fo'])
+
+    # dolloer
+    assert_equal('bar', c['doller']['foo'])
+    assert_equal('bar', c['doller']['bar'])
+    assert_equal('123baz456bar798', c['doller']['baz'])
+    assert_equal('123baz456bar798', c['doller']['qux'])
+    assert_equal('123baz456bar798.123baz456bar798', c['doller']['quxx'])
+
+    excn = assert_raise(OpenSSL::ConfigError) do
+      OpenSSL::Config.parse("foo = $bar")
+    end
+    assert_equal("error in line 1: variable has no value", excn.message)
+
+    excn = assert_raise(OpenSSL::ConfigError) do
+      OpenSSL::Config.parse("foo = $(bar")
+    end
+    assert_equal("error in line 1: no close brace", excn.message)
+
+    excn = assert_raise(OpenSSL::ConfigError) do
+      OpenSSL::Config.parse("f o =b  ar      # no space in key")
+    end
+    assert_equal("error in line 1: missing equal sign", excn.message)
+
+    excn = assert_raise(OpenSSL::ConfigError) do
+      OpenSSL::Config.parse(<<__EOC__)
+# comment 1               # comments
+
+#
+ # comment 2
+\t#comment 3
+  [second    ]\t
+[third                    # section not terminated
+__EOC__
+    end
+    assert_equal("error in line 7: missing close square bracket", excn.message)
+  end
+
+  def test_s_load
+    # alias of new
+    c = OpenSSL::Config.load
+    assert_equal("", c.to_s)
+    assert_equal([], c.sections)
+    #
+    file = Tempfile.open("openssl.cnf")
+    file.close
+    c = OpenSSL::Config.load(file.path)
+    assert_equal("[ default ]\n\n", c.to_s)
+    assert_equal(['default'], c.sections)
+  end
+
+  def test_initialize
+    c = OpenSSL::Config.new
+    assert_equal("", c.to_s)
+    assert_equal([], c.sections)
+  end
+
+  def test_initialize_with_empty_file
+    file = Tempfile.open("openssl.cnf")
+    file.close
+    c = OpenSSL::Config.new(file.path)
+    assert_equal("[ default ]\n\n", c.to_s)
+    assert_equal(['default'], c.sections)
+  end
+
+  def test_initialize_with_example_file
+    assert_equal(['CA_default', 'ca', 'default'], @it.sections.sort)
+  end
+
+  def test_get_value
+    assert_equal('CA_default', @it.get_value('ca', 'default_ca'))
+    assert_equal(nil, @it.get_value('ca', 'no such key'))
+    assert_equal(nil, @it.get_value('no such section', 'no such key'))
+    assert_equal('.', @it.get_value('', 'HOME'))
+    assert_raise(TypeError) do
+      @it.get_value(nil, 'HOME') # not allowed unlike Config#value
+    end
+    # fallback to 'default' ugly...
+    assert_equal('.', @it.get_value('unknown', 'HOME'))
+  end
+
+  def test_get_value_ENV
+    key = ENV.keys.first
+    assert_not_nil(key) # make sure we have at least one ENV var.
+    assert_equal(ENV[key], @it.get_value('ENV', key))
+  end
+
+  def test_value
+    # supress deprecation warnings
+    OpenSSL::TestUtils.silent do
+      assert_equal('CA_default', @it.value('ca', 'default_ca'))
+      assert_equal(nil, @it.value('ca', 'no such key'))
+      assert_equal(nil, @it.value('no such section', 'no such key'))
+      assert_equal('.', @it.value('', 'HOME'))
+      assert_equal('.', @it.value(nil, 'HOME'))
+      assert_equal('.', @it.value('HOME'))
+      # fallback to 'default' ugly...
+      assert_equal('.', @it.value('unknown', 'HOME'))
+    end
+  end
+
+  def test_value_ENV
+    OpenSSL::TestUtils.silent do
+      key = ENV.keys.first
+      assert_not_nil(key) # make sure we have at least one ENV var.
+      assert_equal(ENV[key], @it.value('ENV', key))
+    end
+  end
+
+  def test_aref
+    assert_equal({'HOME' => '.'}, @it['default'])
+    assert_equal({'dir' => './demoCA', 'certs' => './certs'}, @it['CA_default'])
+    assert_equal({}, @it['no_such_section'])
+    assert_equal({}, @it[''])
+  end
+
+  def test_section
+    OpenSSL::TestUtils.silent do
+      assert_equal({'HOME' => '.'}, @it.section('default'))
+      assert_equal({'dir' => './demoCA', 'certs' => './certs'}, @it.section('CA_default'))
+      assert_equal({}, @it.section('no_such_section'))
+      assert_equal({}, @it.section(''))
+    end
+  end
+
+  def test_sections
+    assert_equal(['CA_default', 'ca', 'default'], @it.sections.sort)
+    @it['new_section'] = {'foo' => 'bar'}
+    assert_equal(['CA_default', 'ca', 'default', 'new_section'], @it.sections.sort)
+    @it['new_section'] = {}
+    assert_equal(['CA_default', 'ca', 'default', 'new_section'], @it.sections.sort)
+  end
+
+  def test_add_value
+    c = OpenSSL::Config.new
+    assert_equal("", c.to_s)
+    # add key
+    c.add_value('default', 'foo', 'bar')
+    assert_equal("[ default ]\nfoo=bar\n\n", c.to_s)
+    # add another key
+    c.add_value('default', 'baz', 'qux')
+    assert_equal('bar', c['default']['foo'])
+    assert_equal('qux', c['default']['baz'])
+    # update the value
+    c.add_value('default', 'baz', 'quxxx')
+    assert_equal('bar', c['default']['foo'])
+    assert_equal('quxxx', c['default']['baz'])
+    # add section and key
+    c.add_value('section', 'foo', 'bar')
+    assert_equal('bar', c['default']['foo'])
+    assert_equal('quxxx', c['default']['baz'])
+    assert_equal('bar', c['section']['foo'])
+  end
+
+  def test_aset
+    @it['foo'] = {'bar' => 'baz'}
+    assert_equal({'bar' => 'baz'}, @it['foo'])
+    @it['foo'] = {'bar' => 'qux', 'baz' => 'quxx'}
+    assert_equal({'bar' => 'qux', 'baz' => 'quxx'}, @it['foo'])
+
+    # OpenSSL::Config is add only for now.
+    @it['foo'] = {'foo' => 'foo'}
+    assert_equal({'foo' => 'foo', 'bar' => 'qux', 'baz' => 'quxx'}, @it['foo'])
+    # you cannot override or remove any section and key.
+    @it['foo'] = {}
+    assert_equal({'foo' => 'foo', 'bar' => 'qux', 'baz' => 'quxx'}, @it['foo'])
+  end
+
+  def test_each
+    # each returns [section, key, value] array.
+    ary = @it.map { |e| e }.sort { |a, b| a[0] <=> b[0] }
+    assert_equal(4, ary.size)
+    assert_equal('CA_default', ary[0][0])
+    assert_equal('CA_default', ary[1][0])
+    assert_equal(["ca", "default_ca", "CA_default"], ary[2])
+    assert_equal(["default", "HOME", "."], ary[3])
+  end
+
+  def test_to_s
+    c = OpenSSL::Config.parse("[empty]\n")
+    assert_equal("[ default ]\n\n[ empty ]\n\n", c.to_s)
+  end
+
+  def test_inspect
+    assert_match(/#<OpenSSL::Config sections=\[.*\]>/, @it.inspect)
+  end
+
+  def test_freeze
+    c = OpenSSL::Config.new
+    c['foo'] = [['key', 'value']]
+    c.freeze
+
+    bug = '[ruby-core:18377]'
+    # RuntimeError for 1.9, TypeError for 1.8
+    e = assert_raise(TypeError, bug) do
+      c['foo'] = [['key', 'wrong']]
+    end
+    assert_match(/can't modify/, e.message, bug)
+  end
+
+  def test_dup
+    assert(!@it.sections.empty?)
+    c = @it.dup
+    assert_equal(@it.sections.sort, c.sections.sort)
+    @it['newsection'] = {'a' => 'b'}
+    assert_not_equal(@it.sections.sort, c.sections.sort)
+  end
+
+  def test_clone
+    assert(!@it.sections.empty?)
+    c = @it.clone
+    assert_equal(@it.sections.sort, c.sections.sort)
+    @it['newsection'] = {'a' => 'b'}
+    assert_not_equal(@it.sections.sort, c.sections.sort)
+  end
+end if defined?(OpenSSL)

data/test/1.9/test_digest.rb

@@ -0,0 +1,118 @@
+require_relative 'utils'
+
+if defined?(OpenSSL)
+
+class OpenSSL::TestDigest < Test::Unit::TestCase
+  def setup
+    @d1 = OpenSSL::Digest::Digest::new("MD5")
+    @d2 = OpenSSL::Digest::MD5.new
+    @md = Digest::MD5.new
+    @data = "DATA"
+  end
+
+  def teardown
+    @d1 = @d2 = @md = nil
+  end
+
+  def test_digest
+    assert_equal(@md.digest, @d1.digest)
+    assert_equal(@md.hexdigest, @d1.hexdigest)
+    @d1 << @data
+    @d2 << @data
+    @md << @data
+    assert_equal(@md.digest, @d1.digest)
+    assert_equal(@md.hexdigest, @d1.hexdigest)
+    assert_equal(@d1.digest, @d2.digest)
+    assert_equal(@d1.hexdigest, @d2.hexdigest)
+    assert_equal(@md.digest, OpenSSL::Digest::MD5.digest(@data))
+    assert_equal(@md.hexdigest, OpenSSL::Digest::MD5.hexdigest(@data))
+  end
+
+  def test_eql
+    assert(@d1 == @d2, "==")
+    d = @d1.clone
+    assert(d == @d1, "clone")
+  end
+
+  def test_info
+    assert_equal("MD5", @d1.name, "name")
+    assert_equal("MD5", @d2.name, "name")
+    assert_equal(16, @d1.size, "size")
+  end
+
+  def test_dup
+    @d1.update(@data)
+    assert_equal(@d1.name, @d1.dup.name, "dup")
+    assert_equal(@d1.name, @d1.clone.name, "clone")
+    assert_equal(@d1.digest, @d1.clone.digest, "clone .digest")
+  end
+
+  def test_reset
+    @d1.update(@data)
+    dig1 = @d1.digest
+    @d1.reset
+    @d1.update(@data)
+    dig2 = @d1.digest
+    assert_equal(dig1, dig2, "reset")
+  end
+
+  def test_digest_constants
+    algs = %w(DSS1 MD4 MD5 RIPEMD160 SHA SHA1)
+    if OpenSSL::OPENSSL_VERSION_NUMBER > 0x00908000
+      algs += %w(SHA224 SHA256 SHA384 SHA512)
+    end
+    algs.each do |alg|
+      assert_not_nil(OpenSSL::Digest.new(alg))
+      klass = OpenSSL::Digest.const_get(alg)
+      assert_not_nil(klass.new)
+    end
+  end
+
+  def test_digest_by_oid_and_name
+    check_digest(OpenSSL::ASN1::ObjectId.new("MD5"))
+    check_digest(OpenSSL::ASN1::ObjectId.new("SHA1"))
+  end
+
+  if OpenSSL::OPENSSL_VERSION_NUMBER > 0x00908000
+    def encode16(str)
+      str.unpack("H*").first
+    end
+
+    def test_098_features
+      sha224_a = "abd37534c7d9a2efb9465de931cd7055ffdb8879563ae98078d6d6d5"
+      sha256_a = "ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb"
+      sha384_a = "54a59b9f22b0b80880d8427e548b7c23abd873486e1f035dce9cd697e85175033caa88e6d57bc35efae0b5afd3145f31"
+      sha512_a = "1f40fc92da241694750979ee6cf582f2d5d7d28e18335de05abc54d0560e0f5302860c652bf08d560252aa5e74210546f369fbbbce8c12cfc7957b2652fe9a75"
+
+      assert_equal(sha224_a, OpenSSL::Digest::SHA224.hexdigest("a"))
+      assert_equal(sha256_a, OpenSSL::Digest::SHA256.hexdigest("a"))
+      assert_equal(sha384_a, OpenSSL::Digest::SHA384.hexdigest("a"))
+      assert_equal(sha512_a, OpenSSL::Digest::SHA512.hexdigest("a"))
+
+      assert_equal(sha224_a, encode16(OpenSSL::Digest::SHA224.digest("a")))
+      assert_equal(sha256_a, encode16(OpenSSL::Digest::SHA256.digest("a")))
+      assert_equal(sha384_a, encode16(OpenSSL::Digest::SHA384.digest("a")))
+      assert_equal(sha512_a, encode16(OpenSSL::Digest::SHA512.digest("a")))
+    end
+
+    def test_digest_by_oid_and_name_sha2
+      check_digest(OpenSSL::ASN1::ObjectId.new("SHA224"))
+      check_digest(OpenSSL::ASN1::ObjectId.new("SHA256"))
+      check_digest(OpenSSL::ASN1::ObjectId.new("SHA384"))
+      check_digest(OpenSSL::ASN1::ObjectId.new("SHA512"))
+    end
+  end
+
+  private
+
+  def check_digest(oid)
+    d = OpenSSL::Digest.new(oid.sn)
+    assert_not_nil(d)
+    d = OpenSSL::Digest.new(oid.ln)
+    assert_not_nil(d)
+    d = OpenSSL::Digest.new(oid.oid)
+    assert_not_nil(d)
+  end
+end
+
+end

data/test/1.9/test_engine.rb

@@ -0,0 +1,15 @@
+require_relative 'utils'
+
+if defined?(OpenSSL) && defined?(OpenSSL::Engine)
+
+class OpenSSL::TestEngine < Test::Unit::TestCase
+
+  def test_engines_free # [ruby-dev:44173]
+    OpenSSL::Engine.load
+    OpenSSL::Engine.engines
+    OpenSSL::Engine.engines
+  end
+
+end
+
+end

data/test/1.9/test_hmac.rb

@@ -0,0 +1,32 @@
+require_relative 'utils'
+
+class OpenSSL::TestHMAC < Test::Unit::TestCase
+  def setup
+    @digest = OpenSSL::Digest::MD5
+    @key = "KEY"
+    @data = "DATA"
+    @h1 = OpenSSL::HMAC.new(@key, @digest.new)
+    @h2 = OpenSSL::HMAC.new(@key, "MD5")
+  end
+
+  def teardown
+  end
+
+  def test_hmac
+    @h1.update(@data)
+    @h2.update(@data)
+    assert_equal(@h1.digest, @h2.digest)
+
+    assert_equal(OpenSSL::HMAC.digest(@digest.new, @key, @data), @h1.digest, "digest")
+    assert_equal(OpenSSL::HMAC.hexdigest(@digest.new, @key, @data), @h1.hexdigest, "hexdigest")
+
+    assert_equal(OpenSSL::HMAC.digest("MD5", @key, @data), @h2.digest, "digest")
+    assert_equal(OpenSSL::HMAC.hexdigest("MD5", @key, @data), @h2.hexdigest, "hexdigest")
+  end
+
+  def test_dup
+    @h1.update(@data)
+    h = @h1.dup
+    assert_equal(@h1.digest, h.digest, "dup digest")
+  end
+end if defined?(OpenSSL)

data/test/1.9/test_ns_spki.rb

@@ -0,0 +1,50 @@
+require_relative 'utils'
+
+if defined?(OpenSSL)
+
+class OpenSSL::TestNSSPI < Test::Unit::TestCase
+  def setup
+    # This request data is adopt from the specification of
+    # "Netscape Extensions for User Key Generation".
+    # -- http://wp.netscape.com/eng/security/comm4-keygen.html
+    @b64  = "MIHFMHEwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAnX0TILJrOMUue+PtwBRE6XfV"
+    @b64 << "WtKQbsshxk5ZhcUwcwyvcnIq9b82QhJdoACdD34rqfCAIND46fXKQUnb0mvKzQID"
+    @b64 << "AQABFhFNb3ppbGxhSXNNeUZyaWVuZDANBgkqhkiG9w0BAQQFAANBAAKv2Eex2n/S"
+    @b64 << "r/7iJNroWlSzSMtTiQTEB+ADWHGj9u1xrUrOilq/o2cuQxIfZcNZkYAkWP4DubqW"
+    @b64 << "i0//rgBvmco="
+  end
+
+  def test_build_data
+    key1 = OpenSSL::TestUtils::TEST_KEY_RSA1024
+    key2 = OpenSSL::TestUtils::TEST_KEY_RSA2048
+    spki = OpenSSL::Netscape::SPKI.new
+    spki.challenge = "RandomString"
+    spki.public_key = key1.public_key
+    spki.sign(key1, OpenSSL::Digest::SHA1.new)
+    assert(spki.verify(spki.public_key))
+    assert(spki.verify(key1.public_key))
+    assert(!spki.verify(key2.public_key))
+
+    der = spki.to_der
+    spki = OpenSSL::Netscape::SPKI.new(der)
+    assert_equal("RandomString", spki.challenge)
+    assert_equal(key1.public_key.to_der, spki.public_key.to_der)
+    assert(spki.verify(spki.public_key))
+  end
+
+  def test_decode_data
+    spki = OpenSSL::Netscape::SPKI.new(@b64)
+    assert_equal(@b64, spki.to_pem)
+    assert_equal(@b64.unpack("m").first, spki.to_der)
+    assert_equal("MozillaIsMyFriend", spki.challenge)
+    assert_equal(OpenSSL::PKey::RSA, spki.public_key.class)
+
+    spki = OpenSSL::Netscape::SPKI.new(@b64.unpack("m").first)
+    assert_equal(@b64, spki.to_pem)
+    assert_equal(@b64.unpack("m").first, spki.to_der)
+    assert_equal("MozillaIsMyFriend", spki.challenge)
+    assert_equal(OpenSSL::PKey::RSA, spki.public_key.class)
+  end
+end
+
+end

data/test/1.9/test_ocsp.rb

@@ -0,0 +1,47 @@
+require_relative "utils"
+
+if defined?(OpenSSL)
+
+class OpenSSL::TestOCSP < Test::Unit::TestCase
+  def setup
+    ca_subj = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=TestCA")
+    ca_key = OpenSSL::TestUtils::TEST_KEY_RSA1024
+    ca_serial = 0xabcabcabcabc
+
+    subj = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=TestCert")
+    @key = OpenSSL::TestUtils::TEST_KEY_RSA1024
+    serial = 0xabcabcabcabd
+
+    now = Time.at(Time.now.to_i) # suppress usec
+    dgst = OpenSSL::Digest::SHA1.new
+
+    @ca_cert = OpenSSL::TestUtils.issue_cert(
+       ca_subj, ca_key, ca_serial, now, now+3600, [], nil, nil, dgst)
+    @cert = OpenSSL::TestUtils.issue_cert(
+       subj, @key, serial, now, now+3600, [], @ca_cert, nil, dgst)
+  end
+
+  def test_new_certificate_id
+    cid = OpenSSL::OCSP::CertificateId.new(@cert, @ca_cert)
+    assert_kind_of OpenSSL::OCSP::CertificateId, cid
+    assert_equal @cert.serial, cid.serial
+  end
+
+  def test_new_certificate_id_with_digest
+    cid = OpenSSL::OCSP::CertificateId.new(@cert, @ca_cert, OpenSSL::Digest::SHA256.new)
+    assert_kind_of OpenSSL::OCSP::CertificateId, cid
+    assert_equal @cert.serial, cid.serial
+  end if defined?(OpenSSL::Digest::SHA256)
+
+  def test_new_ocsp_request
+    request = OpenSSL::OCSP::Request.new
+    cid = OpenSSL::OCSP::CertificateId.new(@cert, @ca_cert, OpenSSL::Digest::SHA1.new)
+    request.add_certid(cid)
+    request.sign(@cert, @key, [@cert])
+    assert_kind_of OpenSSL::OCSP::Request, request
+    # in current implementation not same instance of certificate id, but should contain same data
+    assert_equal cid.serial, request.certid.first.serial
+  end
+end
+
+end